phpBB worm :)

1

phpBB worm :)

offline
  • Peca  Male
  • Glavni Administrator
  • Predrag Damnjanović
  • SysAdmin i programer
  • Pridružio: 17 Apr 2003
  • Poruke: 23183
  • Gde živiš: Niš

Kaspersky Lab, a leading manufacturer of secure content management systems, has detected a new worm, Net-Worm.Perl.Santy.a. This worm infects certain web sites by exploiting a vulnerability in phpBB, a popular package used to create Internet forums. Santy.a is spreading rapidly, and has caused an epidemic. However, this does not directly affect end users - although the worm infects web sites, it does not infect computers used to view these sites.

Santy.a is something of a novelty - it creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of phpBB. It then sends a request containing a procedure which will trigger the vulnerability to these sites. Once the attacked server processes the request, the worm will penetrate the site, gaining control over the resource. It then repeats this routine.

Once the worm has gained control over a site, it will scan all directories on the infected site. All files with the extensions .htm, .php, .asp, .shtm, .jsp and phtm will be overwritten with the text 'This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation'.


Apart from defacing infected sites with this text, the worm has no payload. It will not infect machines which are used to view infected sites. Kaspersky Lab recommends that all users of phpBB should upgrade to version 2.0.11 to prevent their sites from being defaced.


An urgent update to Kaspersky Anti-Virus databases has already been issued. Information about Santy.a can be found in the Kaspersky Virus Encyclopaedia.

Corporate Communications / Kaspersky Lab

10, Geroyev Panfilovtsev St, Moscow, 125363, Russia
Tel./Fax: +7 095 780 33 69, 797 87 00
E-mail: olga.kobzareva@kaspersky.com; http://www.kaspersky.com; http://www.viruslist.com

Visit Kaspersky Lab Virtual Press Office at www.kaspersky.com/press.html



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
offline
  • SVITAC 
  • Legendarni građanin
  • Pridružio: 28 Apr 2003
  • Poruke: 5919
  • Gde živiš: Beograd

eto objašnjenja .. Smile



offline
  • Peca  Male
  • Glavni Administrator
  • Predrag Damnjanović
  • SysAdmin i programer
  • Pridružio: 17 Apr 2003
  • Poruke: 23183
  • Gde živiš: Niš

objasnjenja za sta?

offline
  • Pridružio: 18 Apr 2003
  • Poruke: 5001
  • Gde živiš: Beograd

virtuelni hacker Smile

offline
  • Max  Male
  • Super građanin
  • Marko Milic
  • MWEB - Project manager & Front-end developer /Saobracajni inzenjer
  • Pridružio: 02 Nov 2003
  • Poruke: 1363
  • Gde živiš: Beograd - Jagodina

Koliko je MyCity zasticen od ove "napasti"?

offline
  • Peca  Male
  • Glavni Administrator
  • Predrag Damnjanović
  • SysAdmin i programer
  • Pridružio: 17 Apr 2003
  • Poruke: 23183
  • Gde živiš: Niš

od ove - 101%
taj 1% je to sto, cak i kada bi upao crv na forum, nista ne bi mogao da izmeni, jer php nema privilegiju da menja fajlove...
a onih 100% je u tome sto sam zakrpio tu rupu, jos novembra...

offline
  • Max  Male
  • Super građanin
  • Marko Milic
  • MWEB - Project manager & Front-end developer /Saobracajni inzenjer
  • Pridružio: 02 Nov 2003
  • Poruke: 1363
  • Gde živiš: Beograd - Jagodina

Znaci vest je malo matora?

offline
  • Peca  Male
  • Glavni Administrator
  • Predrag Damnjanović
  • SysAdmin i programer
  • Pridružio: 17 Apr 2003
  • Poruke: 23183
  • Gde živiš: Niš

nije vest matora, nego je rupa matora, nekih mesec dana...
vest i worm su novi...

offline
  • SVITAC 
  • Legendarni građanin
  • Pridružio: 28 Apr 2003
  • Poruke: 5919
  • Gde živiš: Beograd

Za neka skorašnja dogadjanja .. bar jedan deo njih .. Smile ..

offline
  • Goran 
  • Prof.Mr.Dr.Sci. Traumatologije
  • Pridružio: 05 Maj 2003
  • Poruke: 9977
  • Gde živiš: Singidunum

Peki, pa što nisi objavio zakrpu da im uštediš trud ovih 20-tak dana. Smile

Ko je trenutno na forumu
 

Ukupno su 856 korisnika na forumu :: 56 registrovanih, 8 sakrivenih i 792 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, _Sale, A.R.Chafee.Jr., AK - 230, aramis s, babaroga, bato, Boris90, Botovac, cole77, CrniGavran, cvrle312, DARKMEN22, DENIRO, DH, DJORDJE-NO-1, Dovla, goxin, Grana, Insan, Koca Popovic, Koridor 11, Krusarac, kybonacci, lavi, mane123, Marko Marković, Megapurpletv, mercedesamg, Mercury, mige, Mihajlo, mikrimaus, Milos ZA, moldway, Nebo_M, Panonsky, Rakenica, raketaš, Reddot, riva, rovac, royst33, sakota79, Srki94, ssekir75, stegonosa, StepskiVuk, Tas011, theNedjeljko, Username1000, vasaw, vlvl, vobo, xJeremijAx, Yellow Pinky